- Best Prime Day Nintendo deals to shop in October 2024
- Amazon Prime Day Deals Live: We found 145+ of the best deals ahead of October's Big Deal Days
- The Ninja Creami Ice Cream Maker is $30 off ahead of October Prime Day
- Best early Prime Day deals under $50 to shop in October 2024
- Best Prime Day Fire TV deals to shop in October 2024
#IMOS21: Six Components of a Bug Bounty Program
Speaking at the Spring Infosecurity Magazine Online Summit, Sean Poris, director, product security at Verizon Media, explored how to run a bug bounty program, outlining the six components of a successful big bounty structure.
Poris explained that, by investing in bug bounties, organizations are potentially tapping into “hundreds of thousands of global hackers” that think about software and vulnerabilities in ways that internal staff might not.
He also said that knowing and understanding your objectives is key when it comes to running a bug bounty program, so organizations must have clear focus on “what they are trying to accomplish in standing up the program.” This should also include taking time to consider “what researchers will want from your program” and how you can work alongside them, along with the long-term goal of your program.
Once those aspects are established, Poris said there are six components to ensuring ongoing bug bounty success for an organization.
These six components are:
- Scope: what’s in, what’s out?
- Platform: report intake and communications
- Talent: hackers and teams
- Financials: budget, forecast and payments
- Operations: process, consistency and oversight (metrics)
- Policy: rules of the road, safe harbor and compliance
Ultimately, “a bug bounty program is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs,” and by taking a considered, federation-like approach, organizations can make a success of their bug bounty journeys.